Eclipse Foundation Turns to Social Coding Sites

The Eclipse Foundation will soon allow the hosting of its projects on social coding sites, such as GitHub and Bitbucket. The idea, says the Foundation's executive director Mike Milinkovich, is to attract new, maturing projects to Eclipse.

"We expect that this will pique the interest of projects that, perhaps, started on GitHub, but have gotten to the point where they're interested in vendor-neutral governance, having infrastructures for following meritocratic processes, and proper intellectual property management," he told ADTmag. "That's not just what GitHub does. I think we're a perfect complement to using GitHub as a repository for your development."

But the move is also about remaining relevant as an open source community, Milinkovich said. He announced the Foundation's plans on his "Life at Eclipse" blog, where he credited Mikeal Rogers' November 2011 post "Apache Considered Harmful" as the inspiration for the decision: "Although I disagreed with many of Mikeal's points," he wrote, "his key point that open source foundations need to change to maintain their relevance resonated strongly with us in the Eclipse community. We listened, we're learning, and we've been working hard to change our processes and infrastructure to stay relevant for open source developers."

Milinkovich's announcement shouldn't come as much of a surprise: The Eclipse Foundation has been shifting to the very popular Git distributed version control system (DVCS) for some time; it stopped using CVS altogether last December. GitHub is one of the most popular social coding sites, in no small part because it relies on Git. In his blog post, Milinkovich also mentions the Foundation's adoption of the Gerrit code review tool, the implementation of the project management infrastructure (PMI), and its growing use of contributor license agreements (CLA).

The first project on what Milinkovich hopes will be a long list is Vert.x, which has been hosted on GitHub since the project's inception. GitHub describes the project as "a framework which takes inspiration from event driven frameworks like node.js, combines it with a distributed event bus, and sticks it all on the JVM...Vert.x then exposes the API in JavaScript, CoffeeScript, Ruby, Python, Groovy and Java."

It may also have been the impetus for the Foundation's interest in connecting with social coding sites. Vert.x is one of the most watched Java projects on GitHub (literally; there's a list), and the community chose the Eclipse Foundation when it decided to move to a "vendor-neutral home."

"This is about marrying the processes we have at Eclipse with the great tools and well-supported forge that you have at a place like GitHub," Milinkovich said.   

Milinkovich said he expects to talk with Bitbucket, a service that supports both Git and Mercurial and purchased by Atlassian in 2010, as well as other social coding sites, sometime in the future.

Posted by John K. Waters on 06/25/2013 at 10:53 AM0 comments

Dev Watch 6/14: API Management Heats Up

Developer tool and platform vendors are kicking the summer off with a slew of product and partnership announcements. In particular, we've been hearing a lot from providers of tools for publishing, promoting and overseeing application programming interfaces (APIs). Here are some API management product notes that wouldn't fit into the main news feed we thought you shouldn't miss:

  • Apigee unveiled a new feature for its API platform that should appeal to devs building API-powered apps: push notifications. According to the company, its backend-as-a-service (BaaS) capabilities can now be used to deliver relevant and context-aware notifications directly to customers. "Sharing information directly with a carefully targeted audience has proven to be the most effective way to connect with customers," said Ed Anuff, Apigee's head of product strategy, in a statement. He added that the new feature enables highly focused, context-aware push campaigns. The free, self-service Apigee platform is available as software-as-a-service or on-premises. More information about the new push notifications feature is available here.
  • SOA Software has added support for Windows Azure to its API Management solution. The newly released API Management solution for Microsoft is designed to help developers "plan, build, run, and share your APIs on Windows Azure," the company says, both in on-premise environments and hybrids. The API management software integrates natively with the Windows Azure Service Bus, BizTalk Server, and Windows Communication Foundation (WCF). "SOA Software's approach to API management is to emphasize management across the full lifecycle," the company said in an email. "In our experience, working with large corporations, the best practice is to involve stakeholders and processes fully through the plan/build/run/share phases of an API's life." For more information, visit the API Platform page.
  • Enterprise middleware maker WSO2 has released API Manager 1.4, which the company says is the first API manager that can run on a private, public, or hybrid cloud environment. The company also claims that it's the first such product to enable federated access to APIs across multiple entities, "enabling new models for organizations to collaborate and monetize APIs." Launched last year, this birth-to-death API governance and analysis tool/platform is the company's bid to "democratize API management" with an affordable piece of software for controlling and managing the API lifecycle.

Posted by John K. Waters on 06/14/2013 at 10:53 AM0 comments

Oracle Restores TZUpdater for JDK 7

Oracle reversed course this week on its earlier decision to cut the popular Time Zone Updater (TZUpdater) tool from the latest version of the Java Development Kit (JDK 7) --  or was that just a slip of the knife? The tool, which allows developers to update the time zone in any version of the JDK and Java Runtime Environment (JRE) without having to update the JDK/JRE itself, was removed from the Oracle Technology Network (OTN) Web site "as part of maintenance tied to the end of public updates for Oracle JDK 6," wrote Henrik Stahl, senior director of product management in the Java platform group, on the Oracle blog.

In that blog post, Stahl also apologized to the Java community for "any confusion or inconvenience we caused."

When Java 6 reached end-of-life status in March, Oracle dropped a note on the site informing users that the tool was now available only for Oracle Java SE Support customers. Those users were not happy, and they let Oracle know about it. Stahl called the decision "an unintentional side effect" and "not in line with our policy."

Stahl also said that, though the company's goal is "to make sure that the most recent version of the JDK and JRE always contain the most recent time zone data," (by eliminating the need for a separate TZUpdater tool) it's not always possible to do that, "given the timing of the time zone updates." He added that his group is reviewing its own development process "to determine what guarantees we can put in place for the gap between a time zone update and it being available in a public JDK/JRE release."

The most recent version of the Oracle JDK will always be available royalty free, Stahl said, including any tools required to keep it up to date. The TZUpdater is available now for download here.


Posted by John K. Waters on 06/12/2013 at 10:53 AM0 comments

IBM Updating z/OS for Java 7, Aims for the Cloud

IBM wants to give customers using its System z mainframes the ability to extend their important business applications to the Web, the cloud and mobile environments, the company says. Toward that end, the company has updated its Enterprise COBOL for z/OS compiler to support XML Server and Java 7.

IBM's z/OS is a 64-bit operating system for Big Blue's System z mainframes; Enterprise COBOL for z/OS is the compiler that allows line-of-business COBOL applications to execute on z/OS systems. COBOL (Common Business Oriented Language), of course, is one of the oldest high-level programming languages.

Why would IBM invest in an upgrade that allows one of the oldest programming languages in use today to support one of the youngest? The fact is, many enterprises still have a big investment in COBOL code. About 60 percent of the world's business applications were written in COBOL, and an estimated 200 billion-plus lines of the code currently exist. Big Blue claims that nearly 15 percent of all new enterprise application functionality is actually written in COBOL.

"COBOL powers many of the critical systems people rely on every day," said Kevin Stoodley, CTO of IBM's Rational division and an IBM Fellow, in a statement. "With this new software, IBM is helping companies reduce operating costs and processing time associated with these applications while delivering new capabilities to take advantage of cloud, Web and mobile devices."

By supporting Java 7 and XML Server in Enterprise COBOL for z/OS v5.1, the company is effectively extending the life of this venerable system, IBM says, and making it compatible with new cloud-based architectures. Making the compiler Java- and XML-compatible also helps developers to integrate COBOL and Web-based business processes with web services, XML, Java and COBOL applications. The upgrade actually provides both XML and Java interoperability, including flexibility and control of the XML-generated documents.

The system offers support for new UTF-8 built-ins, and some debugging enhancements. It also supports unbounded tables and groups. Look also for a new level of z/OS System Management Facility (SMF) tracking capabilities.   

IBM Enterprise COBOL for z/OS v5.1 compiler works with the latest versions of IBM Customer Information Control System (CICS), Information Management System (IMS) and DB2 software, the company says. The upgrade should be available later this quarter.

Posted by John K. Waters on 05/21/2013 at 10:53 AM0 comments

Google Unveils Go 1.1 Ahead of Annual I/O Conference

Google announced the release of version 1.1 of its Go programming language two days before its annual I/O conference, which gets underway on Wednesday. The first major update of the open source language since the search engine giant released version 1 just about a year ago focuses on performance-related improvements, including optimization of the compiler and linker, garbage collector, goroutine scheduler, map implementation and parts of the standard library

Google engineer Andrew Gerrand announced the release on Monday in "The Go Programming Language Blog." "It is likely that your Go code will run noticeably faster when built with Go 1.1," he wrote.

The new version also comes with minor changes to the language itself. Gerrand calls out two of those changes: modifications to return requirements, which he says will lead to "more succinct and correct programs;" and the introduction of method values, which provides "an expressive way to bind a method to its receiver as a function value."

Concurrent programming is also safer in this version, Gerrand says, because of the addition of a data race detector for ferreting out memory synch errors in the program. More details about how the race detector works are included in the new Go manual. Also, the tools and standard library have been improved and expanded.

First announced in 2009, Go (also known as "Golang") is a compiled, garbage-collected, concurrent system programming language that Google reportedly uses in its own production systems. According to Gerrand, more than 2,600 commits from 161 people have been contributed to the project since Go 1.0 was released.

"All this would not have been possible without the help of our contributors from the open source community," Gerrand added, highlighting the contributions of Shenghou Ma, Rémy Oudompheng, Dave Cheney, Mikio Hara, Alex Brainman, Jan Ziak, and Daniel Morsing.

Go 1.1 is compatible with Go 1.0, but the project leaders recommend that users upgrade to the new release, which can be downloaded here.

The announcement underscores the emphasis Google I/O conference organizers are placing on developers at this year's event.

"This is truly a developer conference this year," one event organizer told @ADTmag. "They're definitely the focus this year."

Sundar Pichai, head of Google's Android group, seemed to be managing expectations for this year's event in a Wired interview. The company won't be launching many new products at this year's show, he said, but instead will show off the work being done by developers on the Android and Google platforms.

That organizer also said that this year's event looks to be the largest to date, with more than 5,500 registered attendees, 120 technical sessions, 18 code labs (essentially, hackathons) and 185 partners in the "Sandbox" showing off their products and services.

Posted by John K. Waters on 05/14/2013 at 10:53 AM0 comments

Microsoft's Mitra Azizirad on the Changing Roles of Dev and Ops

Listening to Mitra Azizirad, GM of Microsoft's Developer Tools Marketing & Sales group, talk about Redmond's plans for its venerable Visual Studio IDE and her long career with the company, I was reminded again why I feel so lucky to be on the tech beat: Almost every day I get to talk with smart people who love what they do.

Azizirad was in San Francisco last week with "Soma" Somasegar, VP of Microsoft's Developer Division, speaking with a group of reporters informally about MS developer tools. (More on that conversation in Visual Studio Magazine.) She started at Microsoft as an architectural engineer based in Washington D.C. back in 1992, which gives her a decades-long perspective on the evolution of the role of the developer in the enterprise.

"These are really exciting times for people in our business," Azizirad said. "Exciting, but unpredictable. No day looks the same at this point. People's roles in the enterprise are changing. And the conversations we're having these days are very different from the conversations we had a few years ago."

Talking with execs about application metrics, for example.

"You find yourself talking with the CIO and CMO about features that have business value and sustaining those throughout a regular cadence," she said. "And how often will we rev certain features? And what are the key performance issues? What are the bottlenecks from a development perspective? How do you recognize those bottlenecks and move past them? How are you looking at where the bugs are showing up and how quickly can you go in and solve for those? These are conversations you would never have had outside the development teams before."

Azizirad is also seeing a significant shift in Application Lifecycle Management (ALM) decision making within the enterprise. Although developers still make the lion's share of those decisions, about a third is now made by operations, she said.

"Developers are still making most of those decisions," she said, "but it used to be just developers. Operations is coming up really quickly in that regard. They're saying, we're not just waiting for you to make the choice; we know what we need on this end, too. So connecting those teams is sometimes a big part of what we do."

But making those connections, Azizirad added, is rarely just about the capabilities of the technology.

"At a certain level, these are cultural issues," she said. "Developers use this set of tools and this set of platforms; operations uses this other set of tools and platforms. Getting past those differences and bringing those groups together has become a core part of a cultural shift within the enterprise."

A shift, she added, that is also being driven by the demands of accelerating software delivery cycles.

"They simply need to come together, because you no longer have these long release cycles," she said. "Gone are the days when you could take three months to plan, nine months to build, and six months to test. When we talk to organizations today, we may start out talking to individuals, but at some point, they're all in the room together."

Microsoft has, itself, committed to rapid update "cadence" of Visual Studio that, along with the usual bug fixes and performance enhancements, includes new functionality, beginning with April's release of Update 2. Since it was launched back in September, Visual Studio 2012 has garnered more than 4 million downloads, the company reports. That's the fastest uptake of any version of VS in the history of the company.

"I've seen just a few truly pivotal shifts in the industry since I joined Microsoft," Azizirad said. "They almost always start with the developer, and I believe that we're seeing one of them now. It's an amazing thing to be a part of."

Posted by John K. Waters on 05/10/2013 at 10:53 AM0 comments

No-Cost Interop 'Lab' Kit Connects Hadoop HBase and Excel

JNBridge, maker of tools that connect Java- and .NET-based components and apps, this week released another of its free "labs," a.k.a. interoperability kits for developers looking for new ways of connecting disparate technologies. The latest lab provides a way to build a Microsoft Excel add-in for Hadoop HBase.

HBase is the Java-based, open source, distributed database for Big Data used by Apache Hadoop, the popular open-source platform for data-intensive distributed computing. HBase apps must use Java APIs, which makes it tough to provide cross-platform business intelligence on the desktop. The new JNBridge Lab provides a simple Excel front end to HBase MapReduce that allows developers to view HBase tables and execute MapReduce projects. Google's MapReduce is a programming model for processing and generating large data sets. It supports parallel computations over large data sets on unreliable computer clusters.

Why create an Excel add-in? "Microsoft Excel has always been the ubiquitous off-the-shelf tool for data analysis and it makes a ready-to-go front end for Hadoop," the company explained in a blog post. "Excel can be extended using add-ins developed in Visual Studio using...Visual Studio Tools for Office."

The Excel add-in lets users view HBase tables and execute MapReduce jobs. It consists of a single control pane; as the user interacts with the pane, underlying code accesses the Excel data model consisting of workbooks, worksheets and charts.

"Most Hadoop users run Hadoop on Linux, but many also want to integrate .NET and other Microsoft technologies, and we've been supporting them in our series of labs," explained Wayne Citrin, CTO of JNBridge, in a statement. "This latest JNBridge lab extends this support by allowing users to continue to run the analyses on Linux while viewing the results with a familiar Excel front end. By supporting the HBase client API, users can get finer-grained control over the queries that they perform than they can through other mechanisms."

The latest lab uses the company's flagship product, JNBridgePro, for .NET-to-Java interoperability.

The lab also leverages concepts and code from the previous lab, "Building a LINQ Provider for HBase MapReduce"). LINQ (Language Integrated Query) is Microsoft's .NET Framework component that adds native data querying capabilities to .NET languages (C#, VB, etc.).

The Boulder, Colo.-based company began offering these interoperability kits last year as part of the company's 10th anniversary celebration. "It was a way of showing people how to use the out-of-the-box functionality of JNBridgePro to do useful things that they may not have thought of, or that don't exist out there as products," Citrin told ADTmag at the time. The first JNBridge Lab was an SSH Adapter for BizTalk Server designed to enable the secure access and manipulation of files over the network.

Posted by John K. Waters on 05/08/2013 at 10:53 AM0 comments

New Java Security Flaw Uncovered After Mega-Patch

Java is starting to look like a chubby guy in tight Dockers who can't sit down without splitting a seam (and yes, I analogize from experience). A week after Oracle released Java 7, Update 21, which included 42 vulnerability patches, news of a reflection API vulnerability in the newly shipped Java Runtime Environment (JRE) has emerged, as reported by veteran Java bug hunter Adam Gowdiak.

Gowdiak is CEO and founder of Security Explorations, a Poland-based security and vulnerability research company. He wrote about the security flaw on the "Full Disclosure" mailing list, a "lightly moderated high-traffic forum for disclosure of security information." (It's a great list whose contributors display a sense of humor in the face of some serious issues.)

The Java Reflection API is used to examine and modify the behavior of applications running in a Java Virtual Machine (JVM). The reflection API vulnerability affects all versions of Java SE 7, including Update 21, Gowdiak said, and can be used to achieve a complete Java security sandbox bypass on a target system. Successful exploitation in a Web browser would require "proper user interaction," he wrote -- in other words, the user has to click "yes" to allow a malicious app to execute even when a security warning window is displayed.

Gowdiak's post comes on the heels of Oracle's recent announcement that delays in the release of Java 8 are the result of the company shifting significant material resources to work on Java security vulnerabilities.

In January, Oracle's senior product security manager, Milton Smith, told Java User Group (JUG) leaders during a conference call that the company's chief area of concern was Java plugins running applets on the browser. ""A lot of the attacks that we've seen, and the security fixes that apply to them, have been [about] Java in the browser," he said. "It's the biggest target now."

And yet Gowdiak said the new issue he found is present not only in the JRE Plugin/JDK software, but also the Server JRE. He says he sent a report to Oracle "signaling multiple security problems in Java SE 7 and the Reflection API in particular," along with proof-of-concept code, in Apr 2012.

"It's been a year since then and to our true surprise," we were still able to discover one of the simplest and most powerful instances of Java Reflection API based vulnerabilities," he wrote. "It looks [as though] Oracle was primarily focused on hunting down potentially dangerous Reflection API calls in the 'allowed' classes space. If so, no surprise that Issue 61 was overlooked."

Posted by John K. Waters on 04/24/2013 at 10:53 AM2 comments

Hortonworks, Mirantis and Red Hat Partner on Project Savanna

Two of the biggest players in the OpenStack community and a top Hadoop provider announced plans yesterday to join forces to advance the "Hadoop on OpenStack" project known as Savanna. OpenStack systems integrator Mirantis Inc., the company that started Project Savanna, will be working with Hortonworks Inc., the top commercial distributor of Apache Hadoop, and Red Hat Inc., the current leading OpenStack contributor, the three companies said today.

"We're rallying around this notion of Apache Hadoop as the killer application for OpenStack," Shaun Connolly, Hortonworks VP of corporate strategy, told "Hadoop is clearly an important technology in the big data space, and it stands to benefit from being deployed on a cloud platform."

Also known as "Elastic Hadoop on OpenStack," Project Savanna aims to provide a means to easily provision and manage Hadoop clusters on the OpenStack cloud infrastructure. Hadoop, which started as an implementation of the MapReduce paradigm, has evolved into a platform for distributed computing with a growing number of projects built on top of it. The Savanna project specifies Hadoop parameters, such as version, cluster topology and nodes hardware details.

"You can view Savanna as that elastic cloud controller that will make it easy to deploy and spin up Hadoop clusters on demand within an OpenStack cloud," Connolly said.

The collaboration will provide an integration point for third-party Hadoop provisioning and management frameworks, the companies said. One example they point to is the open source Apache Ambari project, which provides an intuitive Hadoop management Web UI backed by its RESTful APIs. The companies say they will have a demonstration of this technology ready for the upcoming Hadoop Summit, scheduled for June in San Jose, Calif.

"We are bringing engineers to bear on this project," Connolly emphasized. "This is not a marketing relationship. It's about real engineers writing real code within a community-driven foundation project."

Mountain View, Calif.-based Mirantis, which specializes in building OpenStack-based, open source cloud platforms, originated Project Savanna, and just recently contributed the source code to the OpenStack community. The project grew out of the "megatrend" of big data initiatives, said company President and CEO Adrian Ionel, and a recognition of a growing demand among its customers for an integrated solution.

"They wanted a unified infrastructure that gives them a more flexible approach to providing resources to applications when they need them, instead of managing separate clusters throughout the enterprise," Ionel said. "We saw a great opportunity to take Apache Hadoop and OpenStack and blend them together to make Hadoop an elastic component on top of OpenStack, which would provide a drastically improved experience in terms of being able to spin up a Hadoop cluster within OpenStack on demand, and then manage it from there and integrate it with other workloads in the enterprise."

Currently in its seventh release (code-named "Grizzly"), OpenStack is made up of several interrelated projects focused on delivering various components for a cloud infrastructure solution. As the community Web site describes it, the project aims to deliver "solutions for all types of clouds by being simple to implement, massively scalable, and feature-rich." More than 180 companies participate in the OpenStack project, including Advanced Micro Devices Inc., Cisco Systems Inc., Citrix Systems Inc., Dell Inc., Hewlett-Packard Co., Intel Corp. and Microsoft.

The three companies made the announcement at the OpenStack Design Summit, which is underway this week in Portland, Ore.

Posted by John K. Waters on 04/17/2013 at 10:53 AM0 comments

Upcoming Events


Sign up for our newsletter.

I agree to this site's Privacy Policy.